The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Google Maps for WordPress**

*   Google Maps for WordPress Help Manual
*   How to use Google Maps in WordPress Website

WP Google Map is an awesome plugin to use when adding a custom Google map to your website. It is fully customizable and can be used as shortcode.

**Get WP Google Map pro version**

**DEMOS**

*   **See all Google Map Demos**

**VIDEO TUTORIALS**

*   **Video on Quick Installation**
*   **Video on (Installation, Activation, Creating Map, How to use)**

**DOCUMENTATION**

*   **Complete Installation Guide**
*   **How to get your Lifetime License key?**
*   **How to get your own API key**
*   **Add Google Map in wordpress page**
*   **Add Google Map in wordpress post**
*   **Add Google Map in Sidebar as widget**
*   **Customize Map Language and Regional Area Settings**

**TROUBLESHOOTING**

*   **How to identify and fix the Map loading problems?**
*   **Do you see “the page can’t load the map correctly?**
*   **How to fix Multiple Google Map API loading??**
*   **Don’t see “Embed Google Map” button in new Editor?**

**Note:** According to Google Documentation, You can use Google Map upto **200 USD** for free each month

**TRANSLATIONS**

Get a free **License Key** of the WP Google Map Pro version in exchange for translating our plugin!

*   **English (Australia) – (en\_AU)**
*   **English (Canada) – (en\_CA)**
*   **English (UK) – (en\_GB)**
*   **English (New Zealand) – (en\_NZ)**
*   **English (South Africa) – (en\_ZA)**
*   **Bengali (Bangladesh) – (bn\_BD)**
*   **Spanish (Spain) – (es\_ES)**
*   **Spanish (Venezuela) – (es\_VE)**
*   **German – (de\_DE)**
*   **German (Formal) – (de\_DE\_formal)**
*   **Turkish – (tr\_TR)**
*   **French (France) – (fr\_FR)**
*   **Danish – (da\_DK)**
*   **German (Switzerland) – (de\_CH)**
*   **Arabic – (ar)**

**SUPPORT AND CONTRIBUTION**

*   **Report an issue**
*   **Support Forum**
*   **Post review WordPress** 🙂
*   **Contact Us**
*   **Facebook Page Community**
*   **Facebook Group Community**
*   **Twitter Community**
*   **LIVE CHAT**

To have continued the update, please donate for the WP Google Map plugin. **You will get Lifetime License Key by donating minimum 10 USD**  
**Click here to donate**

**Features of WP Google Map Plugin-Lite version(FREE):**

*   **User-friendly**
*   **Ability to change Map Language and Regional Area!**
*   **Fully Customizable**
*   **Importing the Shortcode by WP Google Map Button on Classic Editor**
*   **Automatic Google Map Location identification with user Consent**
*   **Tested with other popular plugins**
*   **Super easy to use**
*   **Ability to change zoom level(1-22)**
*   **Easy to add a widget (By Shortcode)**
*   **No coding required!**
*   **Drag Map Marker to an desired location**
*   **Ability to use a shortcode in the Posts and Pages**
*   **Fully responsive maps**
*   **Ability to change Latitude, Longitude, Address by Dragging Marker**
*   **Supported UTF-8 font encoding**
*   **Google Map autocomplete available**
*   **Multiple Language supported(Localization)**
*   **Can be used in the single page, single post, sidebar, footer, etc.**
*   **You can set any width and height as you need**
*   **Map full screen functionality**

**Features of WP Google Map Plugin(PREMIUM):**

*   **Ability to create Unlimited Maps**
*   **Ability to create Unlimited Map markers**
*   **Detailed Direction option support with Map**
*   **Image can be added in Marker InfoWindow**
*   **Roadmap, Terrain, Satellite and Hybrid types of map supported**
*   **Supports Google Map Street View option**
*   **You can add multiple maps in any page or post if you need!**

**Please use latest language file**

**USE AS SHORTCODE IN POST, PAGE, AND SIDEBAR.**

            [gmap-embed id="<Your map ID>"]
    

**USE AS SHORTCODE IN PHP CODE**

        <?php echo do_shortcode('[gmap-embed id="YOUR MAP ID"]');?>
    

**POSSIBLE USE CASES**

*   **Contact page Google Map implementation**
*   **Office location by Google Map**
*   **Point your office location by Pin/Marker**
*   **Business Location by Google Map**
*   **Store location view by Google Map**
*   **Location view by Google Map widget**

Contact us if you have any problems with installation or anything else.  
Email: **milonfci@gmail.com**  
Skype: **milon305021**

**It’s simple:**

1.  Download the WP Google Map Plugin.
2.  Upload the zip folder plugins directory “wp-content/plugins”
3.  Activate the WP Google Map Plugin from the Admin panel.
4.  Add the WP Google Map widget to your sidebar using Shortcode.
5.  Add the WP Google Map in posts/pages using the shortcode.
6.  Here you can see Complete Installation Guide

Our WP Google Map plugin is user-friendly, but you can read some frequently asked questions that might help you here.

**How do I get your own Google Map API key?**

See the Video ,hope you will get idea.

**How to Troubleshoot or Debug Map Loading Issue?**

See the Documentation, hope you will find best solution.

**How can I create a new Google Map?**

After installing the plugin, Click on WP Google Map in the left sidebar. Then click on **Add New** . See Video Tutorial

**How do I enable Directions on my Google Map?**

You will see an option named “**Enable Direction in Map**” under each map other setting. Also, you can set the option in creating a new map page. See Documentation

**How do I change Map theme?**

It’s Easy! Go to **WP Google Map**\=-> **Map Edit Page** . Now please See the documentation

**How do I add a Google Map to my Page/Post?**

It’s Easy! Go to **Posts**\=-> **Add New** . Now please See the documentation

**How do I add a Google Map as a widget?**

Go to **Appearance** =-> **Widget** . Now please See the documentation

Like the options and features in it...

Très simple à utiliser. Très facile de rajouter des points d'interets sur la carte. Parfait

Easy setting. Multiple map can made. user's image marker can use. It had exactly the features I wanted.

Worked like a charm and great documentation.

Plugin works as advertised. Really like the option of being able to create my own markers!

Read all 139 reviews

“Maps Plugin using Google Maps for WordPress – WP Google Map” is open source software. The following people have contributed to this plugin.

Contributors

*    Saidur Rahman Milon

**1.8.9**

*   Copy to clipboard for map shortcode
*   Default markers bundle added
*   CADATA introduced for frontend
*   Auto-Complete/Auto suggestion option added for direction From/To input field

**1.8.8**

*   New UI screenshots updated in wp.org
*   Map Theme option introduced including custom theme JSON.

**1.8.6**

*   Marker content update issue fixing
*   Code optimized with WordPress Standard
*   Ajax Datatable js error fixing

**1.8.5**

*   Code Optimization
*   Security enhancement

**1.8.4**

*   CSRF issue fixing
*   Tabs UI update
*   Marker Icon preview issue fixing
*   DB query and code optimized

**1.8.3**

*   Ajax Security issues resolved
*   Marker Edit page minor bug fixing

**1.8.2**

*   Clickable marker infowindow introduced.

**1.8.1**

*   Hot fix: Security issue fixed.

**1.8.0**

*   Multiple Marker system introduced.
*   Complete Admin UI updated for a better experience.
*   Datatable introduced for Map and Marker listing.
*   Added advanced option for API load restriction, prevent other map API loading with user consent.
*   Support page modified for better support.
*   Marker Description and Image attachment support implemented.
*   Security improvement.

**1.7.7**

*   Minor bug fixing
*   Autoloader class implemented
*   Map control options added(disable zoom, disable street view option, disable drag, disable double click zoom, disable pan control)
*   Security improvement
*   Appsero SDK implement for prompt support to users

**1.7.6**

*   Google Map Info Window auto focus bug fixed cause by google map last update

**1.7.5**

*   media\_buttons\_context deprecated issue resolving
*   Review system modification, made standard
*   Code re-organize with trait system
*   Admin UI updated to more user friendly
*   In case of shortcode not found shown a custom message only for logged in admin user
*   According to plugin guide updated code and optimized

**1.7.4**

*   Setup Wizard implementation for user Better experience
*   Installation wizard video and blog Help Manual included
*   Installation and knowledge base updated
*   PHP and JS Source optimized
*   Minor bug fixing in Block Editor

**1.7.3**

*   Custom CSS and JS adding option under settings tab.
*   Map direction UI re-designed and made responsive for various themes.
*   If short code not found, will show a custom message in front end.
*   Settings UI design changed for better user experience.
*   Made responsive for cross-platform
*   media\_buttons\_context deprecated issue resolving
*   Review system modification, made standard
*   Code re-organize with trait system
*   Admin UI updated to more user friendly
*   In case of shortcode not found shown a custom message only for logged in admin user

**1.7.2**

*   Map Center position auto detection on drag-drop and re-centering by user.
*   LIVE zoom updating and rendering once zoom level changed by user.

**1.7.1**

*   HTML content support in Google Map InfoWindow
*   Added select drop-down in WP Google Map widget instead of text box for ShortCode.
*   Disable admin notice for language based google setup.

**1.7.0**

*   Browser geolocation timeout related problem solved, youtube video updated.

**1.6.9**

*   Domain SSl related issue fixing for non-ssl websites.

**1.6.8**

*   Helpful video presentation has been added.

**1.6.7**

*   Admin notices for google map language and regional area settings made conditional.

**1.6.6**

*   PHP array related exception handled.

**1.6.5**

*   Javascript exception handled in Map edit page

**1.6.4**

*   Map language and Region customization option added.
*   Form and field level security enhanced.
*   Secured domain added for mail and verification process.
*   Support contact mail issue fixed.

**1.6.3**

Exception handled for warning message, security enhanced, review giving option added.

**1.6.2**

Security feature updated and feedback resolving.

**1.6.1**

Shortcode related dynamic title class and id updated and bug fixing.

**1.6.0**

Address autocomplete bug fixing.

**1.5.9**

Map direction view option changed.

**1.5.8**

Create new Map UI changes.

**1.5.7**

Security patch updated.

**1.5.6**

Helpful video tutorial added.

**1.5.5**

Language realted changes and some minor changes in files.

**1.5.4**

Dynamic/Customized Marker icon option added, Code related optimization added.

**1.5.3**

New version released with payment option updated.

**1.5.2**

New version released with bug fixing

**1.5.1**

New version released with helpful resources and insitilization of street view.

**1.5.0**

New version released with new helpful video

**1.4.9**

*   Map title on keyup effect added
*   Map type wise map rendering live
*   Infowindow live changing when updating
*   Address related API issue fixing

**1.4.8**

*   License key and api key updating problem server issue fixed.

**1.4.7**

*   How to add Google Map in Gutenberg WordPress editor.

**1.4.6**

*   Removed update to pro once updated to pro version

**1.4.5**

*   Plugin Settings option updated

**1.4.4**

*   LIVE CHAT option added for users.

**1.4.3**

*   Faq and contact page updated.

**1.4.2**

*   Bug fixing, Added instant contact form to give best experience and getting suggestion from users.

**1.4.1**

*   User help manual, FAQ and details description updated, also bug fixed.

**1.4.0**

*   Settings option updated.

**1.3.9**

*   Added pro version features and updated shortcode.

**1.3.8**

*   Google API readme updated, language and donation button added.

**1.3.7**

*   Google API realted update

**1.3.6**

*   Google API realted update

**1.3.5**

*   Google API realted update

**1.3.4**

*   Direction From field default to empty, Readme file updated with Google Billing warning message.

**1.3.3**

*   Spanish language files updated.

**1.3.2**

*   Danish Language Translation support updated.

**1.3.1**

*   Danish Language Translation support added.

**1.3.0**

*   German, German (Formal) and Spanish (Spain) Language file updated.

**1.2.9**

*   Examples button and Donation Button added.

**1.2.8**

*   Tags updated in readme.txt file.

**1.2.7**

*   Readme file updated.

**1.2.6**

*   Translation enabled for some additional text.

**1.2.5**

*   Installation process explained in details.

**1.2.4**

*   CSS updated related to map search box

**1.2.3**

*   Spanish Language support

**1.2.2**

*   Italian Language Support

**1.2.1**

*   Direction support Bug fixing

**1.2.0**

*   Direction support with Google Map

**1.1.7**

*   Look and Feel changes

**1.1.6**

*   Added option for creating unlimited maps(the Previous limit was 10)

**1.1.5**

*   Widget title giving option added

**1.1.4**

*   Added option to disable/enable zoom on mouse scrolling

**1.1.2, 1.1.3**

*   Small bug fixes

**1.1.1**

*   Menu Position changed and readme.txt updated

**1.1.0**

*   Initial Translation support for English(en), Bengali(bn) and German(de)

**1.0.9**

*   https or SSl related problem fixing

**1.0.8**

*   Initial marker dragging related problem fixing
*   API key trailing blank space removed

**1.0.7**

*   Added helpful video both in description and admin panel

**1.0.6**

*   Custom map heading class adding option added
*   Map rendering related problem fixing
*   Custom status message showed

**1.0.5**

*   Added new helpful video with how to get Free API key

**1.0.4**

*   Once plugin activated, goes to plugin settings page directly.

**1.0.3**

*   Self API key adding option added

**1.0.2**

*   Bug fixes with adding helpful video embedding

**1.0.1**

*   Updated screenshots with the FAQ to make easier.

**1.0.0**

*   Initial version of WP Google Map Plugin.

CVE-2021-45729: Maps Plugin using Google Maps for WordPress – WP Google Map

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

*   
*   
*   
*   
*   
*   

**Bug 2043666** (CVE-2022-0335, MSA-22-0004) - CVE-2022-0335 moodle: CSRF risk in badge alignment deletion

Summary: CVE-2022-0335 moodle: CSRF risk in badge alignment deletion

Keywords:

Status:

CLOSED UPSTREAM

Alias:

CVE-2022-0335, MSA-22-0004

Product:

Security Response

Classification:

Other

Component:

vulnerability

Sub Component:

Version:

unspecified

Hardware:

All

OS:

Linux

Priority:

high

Severity:

high

Target Milestone:

\---

Assignee:

Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

2044476 2044475

Blocks:

2043670

TreeView+

depends on / blocked

Reported:

2022-01-21 17:13 UTC by Guilherme de Almeida Suckevicz

Modified:

2022-01-24 17:32 UTC (History)

CC List:

4 users (show)

Fixed In Version:

moodle 3.11.5, moodle 3.10.9 and moodle 3.9.12

Doc Type:

If docs needed, set a value

Doc Text:

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

Clone Of:

Environment:

Last Closed:

2022-01-24 17:32:57 UTC

  

Attachments

(Terms of Use)

Add an attachment (proposed patch, testcase, etc.)

  

Description Guilherme de Almeida Suckevicz 2022-01-21 17:13:47 UTC

The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

Comment 1 Guilherme de Almeida Suckevicz 2022-01-24 16:55:58 UTC

Created moodle tracking bugs for this issue:

Affects: epel-7 \[bug 2044476\]
Affects: fedora-all \[bug 2044475\]

Comment 2 Product Security DevOps Team 2022-01-24 17:32:55 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.

*   
*   
*   
*   
*   
*

CVE-2022-0335: 2043666 – (CVE-2022-0335, MSA-22-0004) CVE-2022-0335 moodle: CSRF risk in badge alignment deletion

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController` Users may also disable Auto Route and use defined routes only.

CVE-2022-21715: URI Routing — CodeIgniter 4.1.8 documentation

Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.

CVE-2022-0269

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions

CVE-2021-24968: Changeset 2648562 – WordPress Plugin Repository

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts

CVE-2021-25013

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack

CVE-2021-25073

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog

Tag

#csrf